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Amendments to the Claims : 
This listing of claims replaces all prior versions and listings of claims in the application: 

Listing of Claims : 

1 . (currently amended) A method for detecting intrusion in a database managed by an 
access control system, comprising: 

defining at least one intrusion detection profile, each profile including a set of item access 
rates, [ at l e ast on e it e m acc e ss rat e ; ] one of which includes a definition of a number of rows that 
may be accessed in a predetermined period of time; 

associating each user with one of said defined profiles; 

receiving a database query from a user; 

determining that [ wheth e r a r e sult ] execution of said query causes said user to exceed 
[ e xc ee ds any on e of th e] an item access rates defined in the profile associated with [the] said 
user; and 

notifying the access control system[ , upon d e t e rmining that th e r e sult e xc ee ds any on e of 
th e at l e ast on e it e m acc e ss rat e s d e fin e d in th e associat e d profil e , ] to alter user authorization, 
thereby [ making th e r e c e iv e d r e qu e st e d qu e ry an unauthoriz e d r e qu e st, b e for e th e result of th e 
qu e ry is ] preventing the result of the query from being transmitted to the user. 

2. (currently amended) The method of claim 1, further comprising: 
accumulating results from performed queries in a record; and 

determining whether the accumulated results exceed a member of said set of item access 
rates [ any on e of said at l e ast on e it e m acc e ss rat e]. 

3. (currently amended) The method of claim 1, further comprising marking [ wh e r e in ] an 
item [ it e ms ] subject to a member of said set of item access rates [ ar e mark e d in th e databas e , and 
wh e r e in any query conc e rning said items automatically trigger th e intrusion d e t e ction ]. 



Applicant : UlfMattsson Attorney's Docket No.: 17299-009001 

Serial No. : 10/034,996 

Filed : December 28, 2001 

Page : 4 of 7 

4. (currently amended) The method of claim 3, wherein [the] said step of determining 
[ wh e th e r an item acc e ss rat e is e xc ee d e d ] includes determining if the query result includes [rows 
&e»] a marked item [ it e ms ], and proceeding with the intrusion detection process only upon 
determining that said member of said set of item access rates [ the it e m acc e ss rat e] is exceeded. 

5. (currently amended) The method of claim 1, wherein a member of said set of fene-ef 
said at l e ast one ] item access rates defines the number of rows a user may access from a database 
item at one time. 

6. (currently amended) The method of claim 1, wherein a member of said set of [ on e of 
said at l e ast on ] item access rates defines the number of rows a group of users may access from a 
database item at one time. 

7. (currently amended) The method of claim 1, wherein a member of said set of [ on e of 
said at l e ast on ] item access rates defines the number of rows that may be accessed from a 
database item over a period of time. 

8. (currently amended) The method of claim 1, wherein a member of said set of reae-of 
said at l e ast on ] item access rates defines the number of rows a group of users may access from a 
database item over a period of time. 

9. (currently amended) The method of claim 1, wherein the intrusion detection policy 
further includes at least one inference pattern, the method further comprising: 

accumulating results from performed queries in a record; 

comparing said record with said at least one [ of said ] inference pattern [ patt e rns ], in order 
to determine whether a combination of accesses in said record match said inference policy; and 

notifying the access control system, upon determining that a combination of accesses in 
the record match said inference policy, to alter the user authorization, thereby preventing the 
result of the query from being [ making the rec e ived r e qu e st an unauthorized request, befor e said 
r e sult is ] transmitted to the user. 

10. (canceled) 

1 1 . (canceled) 

12. (new) The method of claim 1, further comprising executing said query. 
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13. (new) The method of claim 1, further comprising attaching a trigger to items subject 
to item access rates, said trigger triggering said step of determining. 



